Closed lvhuanhuan123 closed 3 years ago
The 100 samples refer to 100 images selected from the CIFAR10 dataset, for a total of 100 attacked images. The main reason it isn't tested on all images is the amount of time required, but you can increase this limit. From my observations, the small sample is fairly close to the true ratio of successful attacks.
Hello, I want to ask a question about the dataset. Here, does "Attack on 1,3,5 pixel perturbations (100 samples)" refer to the result of an attack on 100 images randomly selected from the original CIFAR10 dataset? Or is it the result of generating 100 adversarial images for each of the 10,000 images in the CIFAR10 test dataset? Thank you!